检索结果-南通市图书馆

Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Journal of Information Security 2016年第4期7卷 269-279页

作者： Sasith M. Rajasooriya Chris P. Tsokos pubudu kalpani kaluarachchi Department of Mathematics and Statistics University of South Florida Tampa Florida USA

The objective of the present study is to propose a risk evaluation statistical model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes the advantage. Utilizing the proposed model one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring of the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.

关键词： Stochastic Modelling Security Risk Evaluation Vulnerability Life Cycle Risk Factor

Non-Homogeneous Stochastic Model for Cyber Security Predictions

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Journal of Information Security 2018年第1期9卷 12-24页

作者： pubudu kalpani kaluarachchi Chris P. Tsokos Sasith M. Rajasooriya Department of Mathematical and Physical Sciences Miami University Middletown Ohio USA Distinguished University Professor Department of Mathematics and Statistics University of South Florida Tampa Florida USA Department of Statistics Miami University Oxford Ohio USA

Any computer system with known vulnerabilities can be presented using attack graphs. An attacker generally has a mission to reach a goal state that he expects to achieve. Expected Path Length (EPL) [1] in the context of an attack graph describes the length or number of steps that the attacker has to take in achieving the goal state. However, EPL varies and it is based on the “state of vulnerabilities” [2] [3] in a given computer system. Any vulnerability throughout its life cycle passes through several stages that we identify as “states of the vulnerability life cycle” [2] [3]. In our previous studies we have developed mathematical models using Markovian theory to estimate the probability of a given vulnerability being in a particular state of its life cycle. There, we have considered a typical model of a computer network system with two computers subject to three vulnerabilities, and developed a method driven by an algorithm to estimate the EPL of this network system as a function of time. This approach is important because it allows us to monitor a computer system during the process of being exploited. Proposed non-homogeneous model in this study estimates the behavior of the EPL as a function of time and therefore act as an index of the risk associated with the network system getting exploited.

关键词： Vulnerability Attack Graph Markov Model Security Evaluation Expected Path Length (EPL) Common Vulnerability Scoring System (CVSS) Non Homogeneous Stochastic Model

Cyber Security: Nonlinear Stochastic Models for Predicting the Exploitability

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Journal of Information Security 2017年第2期8卷 125-140页

作者： Sasith M. Rajasooriya Chris. P. Tsokos pubudu kalpani kaluarachchi Department of Mathematics and Statistics University Of South Florida Tampa Florida USA

Obtaining complete information regarding discovered vulnerabilities looks extremely difficult. Yet, developing statistical models requires a great deal of such complete information about the vulnerabilities. In our previous studies, we introduced a new concept of “Risk Factor” of vulnerability which was calculated as a function of time. We introduced the use of Markovian approach to estimate the probability of a particular vulnerability being at a particular “state” of the vulnerability life cycle. In this study, we further develop our models, use available data sources in a probabilistic foundation to enhance the reliability and also introduce some useful new modeling strategies for vulnerability risk estimation. Finally, we present a new set of Non-Linear Statistical Models that can be used in estimating the probability of being exploited as a function of time. Our study is based on the typical security system and vulnerability data that are available. However, our methodology and system structure can be applied to a specific security system by any software engineer and using their own vulnerabilities to obtain their probability of being exploited as a function of time. This information is very important to a company’s security system in its strategic plan to monitor and improve its process for not being exploited.

关键词： Vulnerability Lifecycle Stochastic Modeling Security Risk Factor Markov Process Risk Evaluation

Nonhomogeneous Risk Rank Analysis Method for Security Network System

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

International Journal of Communications, Network and System Sciences 2019年第1期12卷 1-10页

作者： pubudu kalpani Hitigala kaluarachchilage Chris P. Tsokos Sasith M. Rajasooriya Department of Mathematical and Physical Sciences Miami University Middletown OH USA Department of Mathematics and Statistics University of South Florida Tampa FL USA Department of Mathematics University of Dayton Dayton OH USA

Security measures for a computer network system can be enhanced with better understanding the vulnerabilities and their behavior over the time. It is observed that the effects of vulnerabilities vary with the time over their life cycle. In the present study, we have presented a new methodology to assess the magnitude of the risk of a vulnerability as a “Risk Rank”. To derive this new methodology well known Markovian approach with a transition probability matrix is used including relevant risk factors for discovered and recorded vulnerabilities. However, in addition to observing the risk factor for each vulnerability individually we have introduced the concept of ranking vulnerabilities at a particular time taking a similar approach to Google Page Rank Algorithm. New methodology is exemplified using a simple model of computer network with three recorded vulnerabilities with their CVSS scores.

关键词： Markov Chain Vulnerability Non Homogeneous Risk Analysis Network Security Google Page Rank